>From: owner-openssl-us...@openssl.org On Behalf Of Lee Hambley >Sent: Thursday, 11 April, 2013 02:33
>I've been battling the following code for a couple of hours >armed with my Network Security With OpenSSL book to little avail. >#include <openssl/rsa.h> >#include <openssl/x509.h> >#include <stdio.h> >extern unsigned char _binary____certificates_der_start; >extern unsigned char _binary____certificates_der_size; I see below this is apparently a very weird object-file trick. >int main(int argc, char argv[]) { > RSA *public_key = NULL; > int public_key_len = (int)&_binary____certificates_der_size; > const unsigned char *public_key_buffer = &_binary____certificates_der_start; > public_key = d2i_RSAPublicKey(NULL, &public_key_buffer, public_key_len); > if ( !public_key) { <snip> A certificate and a publickey are very different things. Your tool below seems to have chosen a very inapposite name apparently by default; it would be nice if you can change that. >The "dir.o" is being built with: "objcopy --input binary --output >elf32-littlearm --binary-architecture arm ../certificates/pubkey.der der.o", >which I believe is correct, although naturally the ".o" file is quite large, >the `&_binary____certificates_der_size` reports the correct size (294 in my case). Using a presumably-absolute "address" for a size? Yuck! The classic way to do this was a _start address and an _end address. Oh well. How was ../certificates/pubkey.der created and what exactly is in it? If it was created by openssl commandline genrsa or genpkey or similar those write "PUBKEY" format (which is actually SubjectPublicKeyInfo from X.509) not the algorithm-specific format RSAPublicKey (or others). If that's what you have, use d2i_PUBKEY to get an EVP_PKEY, or d2i_RSA_PUBKEY to get an RSA (and NULL if the key isn't RSA). ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org